[dns-operations] DNS deluge for x.p.ctrc.cc

Joe Greco jgreco at ns.sol.net
Mon Feb 27 22:05:46 UTC 2006


> Joe Greco wrote:
> >>Geo. wrote:
> >>
> >>>>Both George and Joe are right. It is a problem. Still, solving one and
> >>>>leaving another untended just because one was used as the attack vector
> >>>>is silly. Are we to forever leave problem unattended?
> >>>
> >>>Gadi,
> >>>
> >>>I'm unclear on what you are suggesting. What problem is left unattended with
> >>>DNS if you cannot spoof UDP packets?
> >>
> >>Recursive servers. There is no reason why this can't be abused in other 
> >>means. ping -f was pretty interesting in the day.
> >>
> >>No?
> >>
> >>If we stop being mathematicians for a second trying to understand how 
> >>everything works and making it work better, and be physicists and throw 
> >>more computing power at it (a bigger botnet) one can potentially, using 
> >>this or some other means, cause some pretty serious damage.
> >>
> >>Spoofing just makes this attack "pretty" and a whole lot more efficient.
> > 
> > 
> > Gadi,
> > 
> > If you cannot spoof, then when you request a record for x.p.ctrc.cc and
> > it returns a 4000 byte record, it's returning it to you.
> > 
> > Now, explain what the problem with that is.
> 
> If you don't own the machines attacking, and you send one packet from 
> each machine every 3 seconds...
> 
> "It's simple, numbers -- they have more"
> 
> How big of a botnet are you going to need?

You've lost me.  Draw a picture or fill in the blanks.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.


